[IPython-dev] how to prevent spam, ddos, etc. from IPython notebooks

MinRK benjaminrk at gmail.com
Mon Mar 16 13:27:14 EDT 2015


On Mon, Mar 16, 2015 at 10:58 AM, William Stein <wstein at gmail.com> wrote:

>
>
> On Monday, March 16, 2015, MinRK <benjaminrk at gmail.com> wrote:
>
>> tmpnb (try.jupyter.org) takes a similar, if more restrictive, approach
>> to SageMathCloud. User containers simply have no network access. We should
>> probably adopt a strict whitelist of services like William has done.
>>
>>
> Do people complain?
>

I think we've had a question or two, but not much that I'm aware of. Unlike
SMC, try.jupyter is really for doing quick demos of the notebook itself,
not a hosted place to do actual work, which I think results in a big
difference in expectations of what should be possible or allowed. The
network lockdown emphasizes that, as does the ephemeral nature of the
containers.

-MinRK


>
>
>> -MinRK
>>
>> On Mon, Mar 16, 2015 at 8:14 AM, William Stein <wstein at gmail.com> wrote:
>>
>>> On Mon, Mar 16, 2015 at 6:55 AM, Robert Alexander
>>> <roalexan at microsoft.com> wrote:
>>> > Do people have any advice/experience on how to prevent spam, ddos, etc. from
>>> > users' IPython notebooks? Since arbitrary Python code is what IPython
>>> > notebook is all about (see:
>>> > http://ipython.org/ipython-doc/dev/notebook/security.html), this might be
>>> > difficult to achieve.
>>>
>>> For SageMathCloud (https://cloud.sagemath.com), which hosts IPython
>>> notebook servers, by default I use a firewall to disable most outside
>>> network access by default.  Users can write to me to explain what they
>>> are doing and request network access.
>>>
>>> Last year I was having fairly regular problems with people using
>>> SageMathCloud to launch hacking attacks against targets, which
>>> resulted in complaints from those targets.   I also had problems with
>>> people downloading content, e.g., from MathSciNet, which violated
>>> their terms of usage (this was an unintentional mistake by a grad
>>> student).    Basically, SageMathCloud would regularly get flagged by
>>> University of Washington Netops.  Once I set up a firewall with a small
>>> *whitelist* (including, e.g., github), I haven't had one single
>>> problem like this.
>>>
>>>  -- William
>>>
>>> >
>>> >
>>> > _______________________________________________
>>> > IPython-dev mailing list
>>> > IPython-dev at scipy.org
>>> > http://mail.scipy.org/mailman/listinfo/ipython-dev
>>> >
>>>
>>>
>>>
>>> --
>>> William (http://wstein.org)
>>>
>>
>>
>
> --
> William (http://wstein.org)
>
>
>
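
One way to express the default-deny egress firewall with a small whitelist described in this thread, as an added example that is not code from SageMathCloud, tmpnb or any poster. The bridge name `nbbr0`, the chain name `NB-EGRESS` and the allowlist entries are assumptions; the addresses are documentation ranges standing in for approved services.

```shell
#!/bin/sh
# Emits (does not apply) iptables commands that deny all outbound traffic
# from a notebook-container bridge except a short destination allowlist.
# Bridge name, chain name and allowlist values are constructed for this example.

CHAIN="NB-EGRESS"   # hypothetical chain name

# valid_entry "a.b.c.d/len:port" -> 0 if syntactically acceptable, 1 otherwise.
# Octet ranges are not checked; iptables itself rejects out-of-range octets.
valid_entry() {
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2]):[0-9]{1,5}$' || return 1
    port=${1##*:}
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# egress_rules BRIDGE ENTRY... -> prints one iptables command per line.
egress_rules() {
    bridge=$1; shift
    case $bridge in
        ''|*[!A-Za-z0-9_.-]*) echo "bad bridge name" >&2; return 2 ;;
    esac
    # Validate every entry first so a bad one never yields a partial ruleset.
    for e in "$@"; do
        valid_entry "$e" || { echo "bad allowlist entry: $e" >&2; return 2; }
    done
    echo "iptables -N $CHAIN"
    # Return traffic for connections that were already permitted.
    echo "iptables -A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for e in "$@"; do
        echo "iptables -A $CHAIN -p tcp -d ${e%%:*} --dport ${e##*:} -j ACCEPT"
    done
    # Log a rate-limited sample of denied attempts, then reject the rest.
    echo "iptables -A $CHAIN -m limit --limit 6/min -j LOG --log-prefix nb-egress-deny:"
    echo "iptables -A $CHAIN -j REJECT --reject-with icmp-admin-prohibited"
    # Filter only traffic that leaves the bridge for another interface.
    echo "iptables -I FORWARD -i $bridge ! -o $bridge -j $CHAIN"
}

# Constructed allowlist (RFC 5737 documentation addresses, not real services).
ALLOW="192.0.2.10/32:443 198.51.100.0/24:443"
egress_rules nbbr0 $ALLOW
```

The logged denials give an operator something to review when a user writes in to request access to a new destination.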